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I.  INTRODUCTION 


As  our  Command,  Control  and  Communications  (C^)  systems  increasingly  rely 
on  computers,  databases,  and  secure  communications  networks,  there  is  a  need  for 
accurate  and  reliable  access  control  hardware.  Positive  identification  of  the  users  is 
necessary  to  ensure  that  only  authorized  users  gain  access;  and  to  ensure  that  an 
accurate  audit  trail  exists,  if  a  violation  occurs.  Most  automated  access  control 
mechanisms  don't  provide  this  level  of  security.  Access  control  hardware  that  uses 
retinal  blood  vessel  pattern  recognition  may  be  the  solution  to  this  problem. 

Access  controls  are  designed  to  protect  information  in  a  computer  system.  There 
are  two  major  aspects  to  access  control  of  computer  resources  (FIPS  Pub  83,  19S0): 

(1)  Identification  and  authentication  of  authorized  users 

(2)  Authorization  for  the  use  of  designated  resources  in  the  intended  manner. 

Both  of  these  are  critical  to  maintaining  the  integrity  of  a  C~  system.  There  must  be 
controls  to  ensure  that  information  is  protected  from  unauthorized  access  and  or 
manipulation  of  sensitive  information.  Through  positive  identification  of  the  users, 
there  is  also  the  added  deterrent  from  misuse  of  information  when  one  knows  that  an 
accurate  audit  trail  exists  linking  them  to  that  information. 

Access  controls  are  based  on  identifying  an  individual  through  (FIPS  Pub  83, 

1980): 

(1)  Something  that  they  know  (i.e.,  passwords) 

(2)  Something  that  they  possess  (i.e.,  tokens,  keys,  security  cards) 

(3)  Something  about  the  person  (i.e.,  physical  or  dynamic  characteristics). 

There  are  advantages  and  disadvantages  to  each  of  the  above  methods  with  regards  to 
expense,  administration,  and  amount  of  security  provided. 

1)  SOMETHING  A  PERSON  KNOWS 

Passwords  are  the  most  commonly  used  and  least  expensive  means  to  control 
access  to  computer  networks.  The  advantage  of  no  extra  hardware  requirements 
decreases  the  start  up  costs  when  implementing  the  system.  The  amount  of 
administrative  work  associated  with  the  generation  and  selection  of  passwords  is  a 
function  of  the  level  of  security  one  desires  for  the  material  being  protected.  The 
disadvantage  of  passwords  is  the  possibility  that  the  password  can  be  compromised, 
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either  intentionally  or  unintentionally.  A  password  can  be  used  by  an  unauthorized 
user  to  gain  access  and  this  violation  may  not  be  detected  until  after  damage  has  been 
incurred  on  the  System. 

2)  SOMETHING  THAT  A  PERSON  POSSESSES 

Special  tokens,  keys,  or  security  cards  can  be  used  to  control  access  and  identify 
an  individual.  Since  these  items  can  easily  fall  into  an  unauthorized  persons  hands 
through  loss  or  theft,  they  are  usually  used  in  tandem  with  a  password  or  a  Personal 
Identification  Number  (PIN).  This  method  is  more  costly  than  the  use  of  passwords 
alone  due  to  the  additional  hardware  and  administrative  requirements.  Even  when 
Security  Cards  are  used  with  a  PIN  or  password,  the  possibility  still  exists  that  the 
system  can  be  accessed  by  unauthorized  users. 

3)  SOMETHING  ABOUT  THE  PERSON 

Since  there  are  inherent  drawbacks  associated  with  the  other  two  methods  of 
identification,  much  emphasis  has  been  placed  on  positive  identification  through 
personal  attributes  or  characteristics.  Biometric  recognition  devices  have  been 
developed  which  can  identify  a  person  by  hand  geometry,  fingerprints,  signatures, 
speech  and  retinal  blood  vessel  patterns.  One  of  the  major  problems  with  biometric 
recognition  is  the  difficulty  in  performing  precise  and  repeatable  measurements  on  the 
human  body.  An  optimal  recognition  device  can  distinguish  between  the  interpersonal 
variation  and  minimize  the  effects  of  intrapersonal  variation.  Due  to  the  curvilinear 
nature  of  the  human  body  and  the  lack  of  precise  reference  points  to  measure  from,  the 
intrapersonal  variation  can  become  exceedingly  large.  Most  biometric  recognition 
devices  deal  with  this  problem  through  the  use  of  tolerance  thresholds  and  allowing  the 
user  several  attempts  to  get  within  these  limits.  Biometric  recognition  devices  can  be 
expensive,  but  are  capable  of  the  best  security  and  the  lowest  administration  costs  since 
password  and  security  card  maintenance  are  not  required. 

There  are  two  types  of  errors  that  a  biometric  recognition  device  can  make: 

(1)  TYPE  I  ERROR  -  This  is  when  an  authorized  user  is  falsely  rejected,  usuallv 
due  to  intrapersonal  variation  that  is  too  large  and  falls  outside  the  tolerance 
threshold  limits. 

(2)  TYPE  II  ERROR  -  This  occurs  when  an  individual  is  falsely  accepted  and 
allowed  access,  usually  due  to  the  tolerance  threshold  limits  Being  too  large, 
coupled  with  an  individual  with  a  small  interpersonal  variation  with  an 
authorized  user.  This  situation  can  cause  overlaps  which  can  result  in  TYPE 
II  errors. 

Obviously,  one  would  want  a  system  that  minimizes  errors,  which  can  be  costly. 
TYPE  I  errors  tend  to  hassle  and  demoralize  authorized  users  by  not  allowing  them 
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access  to  the  system.  There  are  additional  costs  associated  with  these  errors  through 
work  lost  and  the  added  requirement  to  have  security  guards  nearby  to  allow  these 
authorized  users  access.  In  the  C°  environment  TYPE  II  errors  are  unacceptable  due 
to  the  potentially  high  security  risks  associated  with  sensitive  information. 

There  is  a  tradeoff  between  TYPE  I  and  TYPE  II  error  rates.  To  minimize 
TYPE  I  errors  by  increasing  the  tolerance  thresholds,  the  TYPE  II  error  rate  can 
potentionally  increase.  So,  a  marginal  amount  of  TYPE  I  errors  may  be  acceptable  in 
order  to  minimize  the  possibility  of  TYPE  II  errors. 

This  study  looks  at  a  biometric  recognition  device  that  uses  retinal  blood  vessel 
patterns  to  identify  an  individual.  Retinal  blood  vessel  patterns  have  been  proven  to 
be  highly  individualistic  and  stable  (Simon  and  Goldstein,  1935).  This  device  compares 
your  digitized  retinal  pattern  to  one  that  has  been  stored  in  memory.  If  the  difference 
between  the  scan  of  your  eye  and  the  one  in  memory  is  within  the  tolerance  threshold 
limits,  then  you  gain  access.  Otherwise,  access  is  denied. 

The  reference  template  of  one's  eye  is  formed  through  an  enrollment  process  that 
involves  averaging  several  pictures  of  your  blood  vessel  pattern.  Averaging  is  used  to 
build  a  more  robust  reference  template  to  compare  against  when  allowing  one  access. 
This  allows  for  a  degree  of  intrapersonal  variation  caused  by  differences  in  head  and 
eye  positioning. 

The  Eye  Dentify  7.5  system  has  two  basic  modes  of  operation,  VERIFY  and 
RECOGNIZE.  In  the  VERIFY  mode,  the  user  inputs  a  four  digit  PIN  by  pushing 
those  numbers  on  the  keypad  just  before  taking  the  eye  scan.  The  7.5  system 
compares  the  template  associated  with  that  PIN  and  the  users  eye  scan.  In  the 
RECOGNIZE  mode,  no  PIN  is  required.  The  7.5  System  searches  through  the  entire 
memory  for  a  match  that  is  within  the  tolerance  threshold  limits. 

For  the  purposes  of  this  study,  the  RECOGNIZE  mode  was  used.  The 
experiment  was  designed  to  determine  the  effects  on  TYPE  I  and  TYPE  II  error  rates 
when  the  database  size  and  the  number  of  enrollment  scans  used  to  form  the  reference 
template  are  varied.  Also  considered  is  the  applicability  of  this  technology  in  C-5 
systems. 
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II.  THE  EXPERIMENT 


A.  EQUIPMENT  USED 

The  Eye  Dentify  7.5  system  is  a  retinal  blood  vessel  pattern  recognition  device. 
Scientific  studies  dating  back  to  1935  support  the  premise  that  retinal  blood  vessel 
patterns  are  unique  to  the  individual  and  very  stable.  Dr.  Carleton  Simon  and  Dr. 
Isodore  Goldstein  published  a  paper  in  1935,  which  discussed  the  results  of  their  study 
on  using  retinal  photographs  as  a  means  to  uniquely  identify  an  individual. 


What  is  true  of  the  finaerprint  system  is  also  true  of  this  new  svstem.  in  that  no 
two  individuals  have  The  same  identification  patterns.  The  'many  and  great 
variety  of  blood  vessel  confiaurations  makes  it  a  mathematical  certainty  that  no 
two  retinal  formations  are  identical.  In  thousands  of  photographs,  none  have 
been  found  to  be  the  same.  Age  or  disease  may  change  in  tortuosity  the  lumen 
of  the  blood  vessels,  but  their '"position  and  the'ir  correlation  remain  unchanged 
through  life,  and  what  is  of  greatest  interest,  they  cannot  be  altered  or  effaced)".  . 
.  (Simon  and  Goldstein.  1935) 


In  1955,  Dr.  Paul  Tower  confirmed  this  previous  study  when  he  published  a  paper 
which  concluded  that  the  greatest  dissimilarity  between  Identical  Twins  was  in  their 
retinal  blood  vessel  patterns  (Tower,  1955). 

1.  Hardware 

This  system  is  composed  of  an  eye  camera  (ICAM),  monocular  eyepiece,  8 
character  LED  display,  12  digit  keypad  (0-9,  #,  *),  SCAN  button,  68000 
microprocessor,  and  bubble  memory  all  enclosed  in  a  cast  aluminum  housing  (See  Fig. 
2.1).  There  is  an  I/O  interface  for  a  terminal  which  enables  control  of  the  internal 
software  functions  and  operations.  An  additional  I/O  auxiliary  port  is  provided  to 
allow  computer  and  printer  interface.  A  microcomputer  was  used  in  this  experiment  to 
up  and  down  load  the  databases  from  a  floppy  disk.  A  printer  with  a  serial  to  parallel 
converter  was  used  for  documentation  of  collected  data. 

2.  Eye  Camera  (ICAM) 

The  ICAM  scans  a  fovea-centered  circle  on  the  back  wall  of  the  eye,  which 
includes  the  retina  and  choriod  (See  Fig.  2.2).  The  light  source  is  an  infrared  light 
emiting  diode,  which  has  been  proven  safe  for  this  level  and  duration  of  exposure  to 
the  human  eye  (Eye  Dentify  Inc.,  1984).  The  spectrum  and  power  level  used  is  similar 
to  that  of  a  common  television  remote  control  device.  When  in  operation,  the  ICAM 
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Figure  2.1  The  Eye  Dentify  7.5  System  Hardware. 

performs  a  -150  degree  circular  scan  (1.25  revolutions  of  the  scanner)  which  detects  and 
digitalizes  contrast-relative  light  and  dark  areas  on  the  scanning  circle. 

3.  Recognition  Mode 

When  operating  in  the  RECOGNITION  mode,  the  7.5  system  uses  a 
proprietary  algorithm  that  searches  the  entire  database  in  bubble  memory  for  the  five 
closest  templates,  then  picks  the  best  match.  This  "best  match"  must  then  be  within 
the  tolerance  threshold  limits  for  one  to  gain  access.  This  process  was  designed  to 
increase  the  SPEED  OF  RESPONSE.  The  SPEED  OF  RESPONSE  is  then  a  function 
of  the  database  size  stored  in  bubble  memory.  Up  to  1200  eye  templates  can  be  stored 
in  bubble  memory  (Eye  Dentify  Inc.,  I9S4). 

B.  OBJECTIVE  OF  THE  EXPERIMENT 

The  objective  of  the  experiment  was  to  compute  the  TYPE  I  and  TYPE  II  error 
rates  when  subjects  were  tested  in  nine  different  situations,  where  database  size  and  the 
number  of  enrollment  scans  that  formed  their  reference  template  were  varied.  A 
secondary  objective  was  to  monitor  the  SPEED  OF  RESPONSE  in  each  situation. 
The  database  size  in  bubble  memory  was  varied  by  using  300,  600  and  1200  eye 
templates.  Each  subject  was  enrolled  three  different  times.  Each  reference  template 
was  formed  in  an  averaging  process  that  was  composed  of  3,  5  or  7  eye  scans. 
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Figure  2.2  The  Scanning  Circle. 

C.  EXPERIMENTAL  PROCEDURE 

1.  Participants 

Twenty  two  subjects  participated  on  a  volunteer  basis.  There  were  no 
incentives  offered  for  good  performance,  just  the  subject's  interest  and  competitiveness 
were  sufficient.  All  were  military  officers,  between  the  ages  of  25  and  35,  who  were 
assigned  to  the  Command,  Control  and  Communications  Curriculum  at  the  Naval 
Postgraduate  School.  There  was  a  good  cross-section  of  subjects  with  vision  that 
required  corrective  eyewear,  either  contact  lenses  or  glasses.  The  high  reflectivity  of 
eyeglasses  inhibits  the  ability  of  the  7.5  system  to  scan  the  eye,  so  those  subjects  that 
wore  glasses  were  asked  to  remove  them  for  the  experiment.  Contact  lenses  appeared 
to  have  no  effect  on  the  person's  performance.  Most  subjects  were  familiar  with  the 
7.5  system,  but  had  not  used  it  extensively. 

2.  Enrollment  Process 

The  first  step  in  the  experiment  was  the  enrollment  process.  A  system 
compatible  terminal  was  used  to  control  the  internal  software  functions,  allowing  one 
to  use  the  7.5  system's  enrollment  function.  This  is  easily  accomplished  by  entering 
"E",  as  indicated  on  the  menu. 


13 


SYSTEM  FLOW  DIAGRAM 


CAME  R A 

I 

A/O  CONVERTER 


•  CAM  {ev e  camera  ) 


320  «terr*iH  W*t  »C0" 

AAVEFORM  -ROC 

I 

j  256  ID  vgnol 

‘.‘COE  SWITCH 


/I 

>  ♦  * 


ENROLL 


40  9»t* 
Et#  St 9 


V£Rlr  Y->.or 


(PIN) 

I 


R£CC3r»'.CE->  WH0 


-J  L2.  3,  4.  5.6,7, 
I  born 


Net  «ecogn<i«d 


OfOtcoitd  680CO  mcr  o  :omou»f  r 


EE^RCM  or  OjLDle  memory 

EYO  SICJATJPZ  *  corrasue  o f  live  TO  signals  acquired  during 
enrolment  process.  Each  eye  (left  and  riant)  is  packed  into 
40  bytes  (320  Bits)  tor  storage  m  tne  Ibank 

I  cam  -  acquires  and  digitizes  the  identification  pattern  from 
the  subject's  eye 

IBANK  -  Storage  of  ail  Eye  Signatures  (reference  templates) 

PIN  -  Personal  Identification  Number.  Used  m  Verify  mode  to 
select  specific  Eye  Signature  for  natch 

MODE  SWITCH  -  Selects  the  mode  of  the  7.5.  Enroll  mode  allows 
a  new  individual  to  be  added  to  the  Ibank.  Verify  compares 
a  live  eye  with  the  Eye  Sicnature  desianated  by  the  PIN 
entry.  kecognition  automatically  selects  best  Eye  Signature 
from  the  I bank 


Figure  2.3  Eye  Dentify  7.5  System  Operation. 
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For  the  purposes  of  this  experiment,  three  reference  templates  were  formed  for 
each  subject.  The  reference  template  is  formed  through  an  averaging  process.  The 
number  of  eye  scans  averaged  together  when  forming  the  reference  template  could  have 
a  significant  effect  on  TYPE  I  and  TYPE  II  error  rates.  The  three  reference  templates 
were  composed  of  3,  5  or  7  scans.  The  templates  were  formed  in  a  random  order  for 
each  subject  and  at  least  five  minutes  transpired  between  enrollments.  Three  floppy 
disks  were  used  to  store  and  keep  each  individual's  reference  template  separate,  so  each 
floppy  disk  contained  only  the  22  subjects  whose  reference  template  was  formed  using 
the  same  number  of  scans.  A  microcomputer  was  used  to  upload  and  download  the 
templates  between  the  7.5  system  and  the  floppy  disk.  The  7.5  system's  bubble 
memory  was  erased  in  between  each  evolution  to  keep  the  databases  separate.  A 
description  of  this  process  can  be  found  in  Appendix  A. 

The  USER  manual  recommends  that  each  subject  be  enrolled  with  at  least  5 
scans  and  that  the  average  correlation  score  for  all  5  scans  be  above  +0.90.  The 
correlation  score  is  a  mathematical  representation  computed  by  the  6S000 
microprocessor  in  the  7.5  system,  which  describes  how  similar  the  most  recent  scan  is 
to  the  template  stored  in  memory.  The  correlation  score  could  be  any  number  between 
+  1.00  to  -1.00.  Although  we  strayed  from  this  recommended  procedure  to  test  the 
significance  of  the  number  of  scans  used  to  form  the  reference  template,  all  but  one  of 
the  twenty  two  subjects  easily  averaged  above  the  score  of  +0.90  during  enrollment. 
The  subject  that  had  the  difficulty  with  this  criteria  wore  corrective  glasses  for 
astigmatism.  This  subject  described  difficulty  in  visually  maintaining  similar  head  and 
eye  positioning  between  scans.  This  consistency  is  necessary  for  high  correlation 
scores. 

To  bring  consistency  to  one's  approach  when  operating  the  7.5  system,  the 
following  guidelines  were  given  to  each  subject  prior  to  each  enrollment  session  and 
prior  to  each  session  of  the  experiment. 

(1)  Square  the  head  perpendicular  to  the  machine,  resting  the  forehead  on  the 
headrest  provided.  Alien  the  head  so  the  rieht  eve  is  adjacent  to  the  recessed 
eye  port. 

(2)  By  looking  into  the  recessed  eve  port  and  movine  the  head  slightlv,  dots  of 
light  can  be  seen  which  form  a  three  dimensionaf  cone.  Center  the  head  so 
that  the  cone  appears  as  a  circle.  At  this  point,  ensure  the  head  is  still 
perpendicular  to  the  machine.  Focus  on  the  center  of  the  circle. 

(3)  Press  the  SCAN  button  gently. 
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After  the  SCAN  button  is  pressed  (at  least  two  scans  are  required  before  a 
correlation  score  can  be  computed  during  enrollment),  the  enroller  is  given  the  choice 
of  whether  the  latest  scan  is  averaged  into  the  reference  template  or  discarded.  The 
criteria  for  accepting  or  rejecting  the  latest  scan  was  dependent  on  whether  the 
correlation  score  was  above  +0.90  or  below,  only  scans  above  +0.90  were  accepted. 

At  this  point  the  enroller  is  given  four  options: 

(1)  Continue  the  enrollment  process  so  more  scans  can  be  averaged  into  the 
reference  template. 

(2)  Restart  the  process.  By  activating  Restart,  all  but  the  latest  scan  is  retained  in 
memory.  All  previous  scans  are  discarded. 

(3)  Cancel  the  process.  This  terminates  the  enrollment  process  and  discards  all 
scans  acquired  for  that  individual  during  that  session.  Any  templates 
previously  stored  in  memory  for  that  individual  are  not  effected. 

(4)  Finish  the  enrollment  process.  This  allows  the  enroller  to  input  the  subjects 
identifier  and  the  threshold  limits  for  the  VERIFY  and  RECOGNITION 
modes.  The  threshold  limit  for  this  experiment  in  the  RECOGNITION  mode 
was  set  at  0.71  for  each  individual. 

If  a  subject  consistently  scored  low,  then  the  restart  function  was  activated. 
This  action  usually  resulted  in  higher  correlation  scores.  If  the  first  scan  from  an 
individual  was  poor,  this  tended  to  pull  the  correlation  score  from  all  subsequent  scans 
down.  By  activating  the  restart  function,  this  first  poor  scan  would  be  discarded 
allowing  the  consistency  of  the  later  scans  to  result  in  higher  correlation  scores. 

3.  IBANK  Database 

To  determine  the  effects  of  database  size  on  TYPE  I  and  TYPE  II  error  rates, 
a  large  database  of  1150  subjects  was  obtained  from  Eye  Dentifv  Inc.  This  database 
was  used  to  obtain  the  300,  600  and  1150  template  databases  used  in  the  experiment. 
This  process  is  described  in  Appendix  B.  These  databases  were  stored  separately  on 
three  floppy  disks. 

4.  Experiment  Sessions 

All  twenty  two  subjects  were  tested  in  each  of  the  nine  situations  that  can  be 
formed  when  combining  the  3  database  sizes  with  the  3  reference  templates  for  each  of 
the  22  subjects.  Each  trial  consisted  of  5  samples  per  subject.  For  each  session,  a 
randomly  selected  combination  would  be  stored  in  the  memory  of  the  7.5  system.  The 
subject  would  go  through  the  scanning  procedure  five  times,  looking  up  between  scans. 
The  response  (accepted  or  rejected)  and  the  time  for  the  system  to  respond  were 
recorded  after  each  scan.  A  stopwatch  was  used  to  determine  the  time  between  the 
pushing  of  the  SCAN  button  and  wrhen  the  response  was  displayed. 
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D.  RESULTS 


The  three-way  factorial  experiment  was  designed  to  determine  whether  the 
number  of  TYPE  I  and  TYPE  II  errors  were  significantly  affected  when  database  size 
and  number  of  enrollment  scans  are  varied.  The  level  of  significance  was  set  at  a=  .05 
during  the  design  phase  of  the  experiment.  An  analysis  of  variance  was  performed  on 
the  data  using  the  statistical  package  by  SAS  Institute  Inc..  The  analysis  of  variance 
test  allows  one  to  statistically  determine  if  there  is  any  significant  effect  on  the 
outcome  caused  by  one  or  several  factors. 

During  the  course  of  this  experiment,  there  were  no  TYPE  II  errors  or  false 
recognitions  observed.  Not  one  subject  was  misrecognized  in  over  1000  trials  conducted 
in  this  experiment. 


TABLE  1 

TYPE  II  ERRORS 


THERE  WERE 
NO  TYPE  II  ERRORS 


Data  was  collected  to  find  the  recognition  rates  and  times  to  response  in  each 
cell.  The  recognition  rate  is  the  number  of  recognitions  for  that  cell  divided  by  the 
total  number  of  trials  for  that  cell.  The  recognition  rate  distribution  was  expected  to 
be  binomial  in  nature,  since  one  is  either  recognized  or  not  recognized.  The  variances 
for  each  cell  was  computed,  and  the  Fmax  statistic  was  applied  to  determine  if  the 
variances  could  be  considered  as  coming  from  the  same  population.  This  is  an 
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underlying  assumption  that  must  be  fulfilled  before  the  results  of  the  analysis  of 
variance  can  be  considered  valid.  The  variances  fell  outside  this  criterion,  so  the 
ARCSIX  transformation  (Y'=  2*ARCSIN(SQRT(Y))  was  applied  to  stabilize  the 
variances  (Winer,  1971). 


TABLE  2 

ANALYSIS  OF  VARIANCE 


SOURCE 

DF 

SS 

MS 

F 

SIGNIF 

SCAM 

2 

.  6239 

.  3120 

2. 0109 

DB( SIZE) 

2 

.  1368 

.  0684 

.  4409 

PERSON 

21 

13. 7162 

.  6532 

4.  2100 

p<  .  05 

SCAN*D3 

4 

1.  2929 

.  3232 

2. 0831 

SCAN* PERSON 

42 

9. 5647 

.  2277 

1.  4676 

D3*?ERS0N 

42 

6.  9857 

.  1663 

1. 0718 

POOLED  ERROR 

SCAN*DB* PERSON 

84 

13. 0333 

.  1552 

TOTAL 

197 

45. 3532 

The  recognition  rate  for  each  cell  consisted  of  5  samples  for  each  subject.  By 
using  recognition  rate,  there  was  only  one  data  point  per  cell  which  made  the 
calculation  for  the  3-way  interaction  impossible.  By  pooling  the  3-wav  interaction  with 
the  error  term  the  F-statistics  were  calculated. 

To  determine  if  the  calculated  F-statistic  is  significant,  one  needs  to  see  if  it  is 
greater  than  the  F-statistic  found  in  a  book  of  statistical  tables.  As  can  be  seen  from 
Table  2.  the  only  significant  F-statistic,  was  that  which  related  to  person.  Database 
size  and  number  of  enrollment  scans  were  not  statistically  significant  when  a  =  .05. 
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Figures  2.4  and  2.5  show  the  recognition  rate  means  and  95%  Confidence  Intervals  for 
scan  number  and  database  size.  There  appeared  to  be  an  interaction  between  DB 
SIZE  and  SCAN  that  proved  statistically  insignificant,  but  was  interesting.  This 
interaction  is  highlighted  by  Figure  2.6,  as  one  can  see  the  line  depicting  5  scans  with  a 
98%  recognition  rate  at  the  300  template  database  drop  down  to  93%  at  the  600 
database,  when  the  3  and  7  scan  lines  are  increasing.  This  can  be  attributed  to  random 
deviations  that  can  occur  and  are  statistically  insignificant. 
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Figure  2.4  Effect  of  Number  of  Scans  on  Average  Recognition. 

The  average  times  to  response  can  be  seen  in  Figure  2.7.  Time  of  response  was 
effected  by  the  size  of  the  database  and  whether  the  individual  was  recognized  or  not. 
The  distributions  appeared  to  be  linear-log  in  nature,  as  the  time  rate  of  change 
remained  constant  at  3  seconds  as  the  database  size  doubled.  The  time  of  response  for 
NOT  RECOGNIZED  was  consistently  about  4  seconds  longer  than  a  RECOGNIZED 
response. 
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Database  Size 


Figure  2.5  Effect  of  Database  Size  on  Average  Recognition. 
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Figure  2.6  Scan  Number  -  Database  Size  Interaction. 


20 


Figure  2.7  Time  of  Response. 
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III.  DISCUSSION 


A.  MEASURES  OF  EFFECTIVENESS 

To  evaluate  the  effectiveness  of  a  system  one  must  consider  how  that  system  is  to 

be  used,  then  judge  the  system  in  that  context.  This  system  was  evaluated  from  the 

■> 

perspective  of  how  it  would  perform  in  a  C-3  environment.  The  performance  of  an 
access  control  system  is  most  critical  when  considered  in  this  arena. 

1.  TYPE  I  Error  Rate 

The  recognition  rate  and  resultant  TYPE  I  error  rate  were  based  on  only  one 
attempt  per  trial.  If  several  attempts  were  allowed  for  one  to  be  recognized  per  trial, 
the  TYPE  I  error  rate  would  be  significantly  lower.  For  this  system's  use  in  the 
operational  mode,  it  would  be  advantageous  to  allow  3  attempts  in  order  to  minimize 
the  rejection  of  authorized  users.  The  overall  recognition  rate  for  this  experiment  in  all 
conditions  was  94.3%,  when  the  recognition  threshold  was  set  at  .71.  The  TYPE  1 
error  rate  is  calculated  by  subtracting  the  recognition  rate  from  one.  which  in  this  case 
is  5.7%. 

The  TYPE  I  error  rate  should  be  low  so  to  allow  access  to  authorized 
personnel  with  a  minimum  of  inconvenience.  In  this  experiment  less  than  one  percent 
were  denied  access  after  3  attempts.  When  time  is  critical  as  in  the  Cff  environment, 
this  system  could  give  some  of  the  personnel  problems,  since  the  strongest  predictor  of 
TYPE  I  errors  in  this  experiment  was  the  individual.  The  subject  with  the  worst 
recognition  rate  was  recognized  7S%  of  the  time.  This  may  be  improved  through 
reenrollment  since  that  process  is  so  critical  for  high  recognition  rates  to  be  achieved. 

2.  TYPE  II  Error  Rate 

There  were  no  TYPE  II  errors  observed  during  the  course  of  this  experiment 
in  which  over  1000  trials  were  performed.  Other  studies  have  reported  similar  results 
(Helle,  1985;  Masiero,  1986;  Maxwell,  undated).  This  is  a  very  critical  performance 
parameter  in  the  C"3  environment.  A  system  requires  protection  from  unauthorized 
access,  more  so  than  most  systems.  Eye  Dentify  Inc.  advertises  that  there  is  a  one  in  a 
million  chance  of  a  false  recognition  when  one  eye  is  used  and  significantly  better  when 
two  eyes  are  required  to  gain  access.  Sandia  Laboratories  performed  operational  tests 
on  several  biometric  devices  and  reported  that  the  eye  recognition  device  had  a 


significantly  lower  TYPE  II  error  rate  than  all  the  other  devices  tested.  (Maxwell, 
undated) 

3.  Time  of  Response 

Time  of  response  is  more  important  when  considering  physical  access  control 
than  computer  access  control.  In  physical  access  control  bottlenecks  can  occur  during 
high  volume  time  periods,  which  can  disrupt  operations.  For  computer  access  control 
one  is  less  likely  to  experience  bottlenecks,  but  a  fast  time  to  response  enhances  user 
acceptance  of  the  system.  From  the  CJ  perspective,  time  of  response  is  very  important 
when  time  is  limited.  The  greatest  time  of  response  experienced  during  this  study  was 
14  seconds  for  a  not  recognized  response  with  1200  personnel  in  the  database.  The 
time  for  a  NOT  RECOGNIZED  was  about  3  to  4  seconds  longer  than  for  a  recognized 
response,  and  the  time  of  response  was  longer  as  the  database  size  was  larger.  It  is  not 
known  what  the  effects  would  be  on  time  of  response  if  the  database  is  maintained  in  a 
mainframe  computer  versus  in  the  7.5  system's  bubble  memory  as  was  tested  in  this 
case.  In  any  event,  there  is  a  definite  linear  relationship  between  database  size  and 
search  time  as  shown  in  Figure  2.7. 

4.  Administration 

The  administration  of  a  high  level  security  system  can  be  enormous.  Most  of 
the  administrative  time  is  spent  maintaining  the  integrity  of  passwords  and  security 
cards.  There  are  many  precautions  for  secure  systems  when  passwords  are  utilized 
under  the  guidelines  set  by  the  National  Computer  Security  Center  (DoDCSC,  19S5). 
A  majority  of  this  burden  could  be  reduced  or  alleviated  through  use  of  a  biometric 
recognition  device,  where  passwords  and  security  cards  would  not  be  necessary.  With 
a  biometric  device  like  the  7.5  system,  the  administration  time  would  primarily 
encompass  the  time  spent  on  enrollment.  The  enrollment  time  for  this  experiment 
averaged  about  3  minutes  per  subject  for  all  enrollments. 

5.  User  Acceptance 

This  system  is  very  easy  to  use.  To  emphasize  the  point,  the  Dade  County 
Jail  of  Miami,  Florida  has  been  using  this  system  on  it's  inmates  (Eye  Dentifv  Inc., 
19S6).  The  inmates  are  enrolled  upon  entry  to  the  facility  and  verified  when  leaving  to 
ensure  the  correct  individual  is  released.  Some  degree  of  cooperation  is  required  of  the 
subject,  but  as  this  demonstrates,  one's  technical  background  is  unimportant. 

The  subjects  in  this  experiment  were  very  curious  about  the  system,  and 
specifically  how  the  system  works.  The  questions  most  frequently  asked  concerned  the 
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safety  of  the  scanning  process  and  how  the  I  CAM  collected  the  information  from  the 
eye.  The  user  acceptance  of  this  device  by  the  subjects  of  this  experiment  was  very 
high,  once  a  technical  explanation  of  the  system  was  provided. 

It  was  observed  that  some  subjects  had  more  difficulty  being  recognized  than 
others.  Some  of  this  difficulty  can  be  attributed  to  the  enrollment.  There  appears  to 
be  a  slight  learning  curve  associated  with  the  use  of  this  equipment  that  affects  some 
people  more  than  others.  By  reenrolling  these  individuals  and  taking  advantage  of  this 
learning  curve,  the  individual  should  achieve  higher  correlation  scores  through  more 
consistent  head  and  eye  positioning.  This  was  not  done  in  this  experiment  as  each 
subject  retained  their  original  reference  template  through  the  entire  experiment. 

Another  cause  for  lower  recognition  rates  would  be  from  the  subject's 
carelessness  when  positioning  the  head  and  eye  for  the  scan.  There  were  no  incentives 
or  rewards  given  to  the  subjects  for  high  recognition  rates,  but  generally  the  subjects 
had  an  interest  in  the  technology  and  therefore  tried  to  do  well.  The  subject  might  be 
somewhat  careless  until  they  get  a  NOT  RECOGNIZED,  then  would  try  harder  to  get 
accepted  by  the  system. 

6.  Cost 

The  Eye  Dentify  7.5  system  used  in  this  experiment  costs  about  $9,000.  which 
is  fairly  expensive.  The  system  is  a  stand  alone  physical  access  control  device,  which 
would  maintain  physical  access  control  of  an  entrance  to  an  area.  This  system  was 
designed  to  work  using  it's  own  bubble  memory,  but  some  companies  have  adapted  the 
system  so  it  can  use  a  centralized  databank. 

When  evaluating  the  cost  effectiveness  of  a  security  system,  one  must  consider 
the  environment  in  which  it  is  to  perform  and  the  amount  of  security  necessary  to 
enable  acceptable  risk  levels.  In  the  C^  environment,  the  risks  are  very'  high  and  the 
highest  performance  is  required.  The  7.5  system  has  performed  much  better  than 
others  analyzed  in  previous  studies  (Jones,  19S6;  Maxwell,  undated). 

As  can  be  expected  from  new  technology,  the  costs  are  generally  higher  than 
in  older  technology.  Once  the  Research  and  Development  costs  are  recovered  as 
production  increases  and  competitors  get  into  the  market,  the  costs  should  come  down 
significantly.  This  trend  is  expected  to  occur  with  the  Eye  Dentify  system. 
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B.  C3  APPLICATIONS 

Command  and  control  is  made  up  of  many  subsystems  as  is  portrayed  in  the 
Joint  Chiefs  of  Staff  (JCS)  definition  of  a  command  and  control  system. 

A  command  and  control  svstem  consists  of  facilities,  equipment, 
communications,  procedures,  and  personnel  essential  to  a  commander  for 
planning,  directing,  and  controlling  operations  of  assigned  forces  pursuant  to  the 
missions  assignedr(DoDJCS.  1979) 

Computer  systems  are  becoming  increasingly  important  for  the  military 
commander  to  fulfill  his  mission.  This  reliance  on  computer  systems  coupled  with  the 
high  risks  involved  if  the  information  is  compromised,  makes  access  control  to 
computer  systems  very  important  to  command  and  control. 

Command  and  control  centers  employ  many  personnel  all  of  which  have  varying 
degrees  of  security  level  clearances.  A  person  must  have  the  clearance  to  access 
classified  information  and  additionally  they  require  a  "need  to  know"  that  information. 
Through  automation  positive  identification  is  possible  through  retinal  blood  vessel 
pattern  recognition.  This  requirement  of  positive  identification,  as  was  pointed  out 
earlier,  is  not  possible  with  passwords  alone.  Positive  identification  enables  the 
computer  system  to  check  an  individuals  clearance  and  "need  to  know"  before  access  is 
given. 

Physical  access  control  is  equally  important  for  the  maintenance  of  a  C3  system. 
Currently,  mechanisms  like  cipher  locks,  keys,  security  guards  or  security  cards  are 
used  for  access  to  C3  areas.  Many  command  and  control  centers  are  compartmented 
within  the  physical  structure  along  the  lines  of  security  level  and  "need  to  know". 
Positive  identification  is  necessary  to  ensure  these  requirements  are  met.  Retinal 
recognition  could  be  used  to  control  access  to  a  facility  and  within  the  facility  to  take 
advantage  of  the  added  security  and  avoid  the  drawbacks  associated  with  the  currently 
used  methods. 

1.  Current  Applications 

The  acceptance  of  this  technology  is  already  widespread  as  many  corporations 
and  military  installations  have  employed  retinal  pattern  recognition  devices.  The  most 
common  application  is  for  physical  access  security,  replacing  the  need  for  security 
guards,  keys,  or  security  cards  to  gain  access.  Campbell  Engineering  designed  a 
security  access  control  booth  that  is  used  in  conjunction  with  this  system  (Smart  and 
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Labarile,  19S6).  The  booth  allows  only  one  to  enter  at  a  time  and  has  an  added 
feature  that  weighs  the  individual.  This  ensures  that  there  is  only  one  person,  and  that 
person  is  within  the  weight  limits  previously  determined,  thus  adding  an  additional 
criteria  for  one  to  enter  an  area. 

2.  Computer  System  Access  Control 

Due  to  the  increasing  need  for  better  security  of  computer  systems  and 
databases  within  CJ  systems,  this  technology  can  be  easily  adapted  for  use  as  a 
computer  system  access  control  device.  Most  of  the  7.5  system  functions  can  be 
carried  out  from  the  host  computer.  The  scanning  of  the  user's  eye  can  be  performed 
by  a  small  hand  heid  ICAM.  Once  the  scan  has  been  performed,  this  data  can  be 
inserted  to  the  host  computer  through  a  jack  on  the  terminal.  The  host  computer 
would  contain  the  database  with  the  individual's  reference  template  and  the  algorithm 
to  perform  the  comparison.  This  eye  scan  would  be  the  substitute  for  the  password 
during  the  LOGON  procedure. 

Currently,  there  is  a  prototype  of  a  small  hand  held  ICAM  under  development 
by  Eye  Dentify  Inc..  3v  aggregating  most  of  the  software  functions  of  the  7.5  system 
on  a  host  computer  and  having  the  hand  held  ICAM  accessible  to  several  terminals  at 
a  time,  the  cost  of  the  system  could  be  very  reasonable.  When  one  considers  the  added 
security  of  such  a  system  and  the  risks  involved  with  passwords,  this  may  be  the  way  to 
increase  CJ  system  security. 

3.  Possible  C^  Applications 

This  technology  is  basically  a  very  secure  way  to  replace  the  existing  means  to 
gain  access,  either  into  a  physical  area  or  into  a  computer  system.  If  the  risk  of 
unauthorized  access  is  high  as  in  C^,  then  one  might  want  to  think  about  installing  a 
system  such  as  this  to  replace  keys,  security  cards  and  passwords.  The  need  for 
security  guards  could  also  be  reduced  by  a  secure  automated  access  control  system. 

Database  security  is  one  area  that  could  be  greatly  improved  by  a  retinal 
recognition  system.  As  systems  become  increasingly  automated  with  new  sensors 
that  collect  large  amounts  of  data,  processors  and  decision  aids  draw  from  that  data  to 
help  the  battlefield  commander  make  informed  decisions.  The  integrity  of  the  database 
must  be  protected  not  only  from  unauthorized  reading  of  sensitive  data,  but  also  from 
unauthorized  manipulation  of  data. 

To  economize  on  space  and  increase  convenience,  one  database  might  store 
several  classification  levels,  this  is  called  a  multilevel  security  database.  When  a 
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workspace  is  occupied  by  personnel  of  different  classification  levels,  there  is  an 
increased  need  to  ensure  that  the  person  entering  a  password  is  indeed  the  person 
authorized  to  use  that  password.  In  a  large  system,  the  need  for  positive  identification 
of  users  multiplies  and  risk  increases.  Audit  trails  tracing  back  to  personnel  who 
accessed  certain  information  may  be  the  only  way  to  find  the  source  of  a  violation. 
With  passwords  as  the  only  means  to  identify  the  individual,  the  audit  trail  may  not  be 
correct. 

The  function  of  identifying  and  verifying  an  individual  could  be  performed 
within  the  computer  system  automatically  through  use  of  a  retinal  recognition  device. 
When  positive  identification  can  be  achieved,  there  are  no  compromised  passwords  to 
worry  about,  and  an  accurate  audit  trail  is  possible.  Passwords  can  be  compromised 
too  easily  for  their  use  to  continue  in  these  high  risk  environments. 

Weapon  security  could  also  benefit  front  this  technology.  Retinal  recognition 
could  be  used  to  activate  large  and  very  lethal  weapon  systems.  For  nuclear  weapons 
two  different  individual's  eyes  would  be  required  before  the  system  could  be  activated 
to  conform  with  the  two  man  rule.  Such  a  system  could  minimize  the  risks  associated 
with  a  weapon  that  falls  into  the  wrong  hands. 

For  a  command  and  control  computer  system  to  be  beneficial  to  a  battlefield 
commander,  it  needs  to  be  accessible  near  the  front  lines  and  have  mobility.  In  a 
multiservice  or  joint  command  there  is  a  constant  change  of  personnel  with  many 
unfamiliar  faces,  more  so  than  within  one  service.  This  presents  a  particularly  difficult 
security  problem.  Mobility  is  degradated  by  security  considerations  and  constraints  as 
it  requires  a  large  administrative  effort  to  maintain  high  standards  of  security  in  this 
environment.  Retinal  recognition  could  be  used  for  physical  access  controls  and 
computer  access  controls,  which  could  provide  improved  security  over  the  existing 
methods  with  significantly  less  administrative  effort.  Mobility  and  security  are  two 
criteria  for  a  mobile  command  post  that  could  be  improved  through  use  of  retinal 
blood  vessel  pattern  recognition. 

The  use  of  retinal  blood  vessel  pattern  recognition  to  protect  systems  from 
unauthorized  access  is  important  for  three  reasons.  First,  positive  identification  can  be 
ensured  with  a  high  level  of  confidence,  more  so  than  with  passwords  only.  Second, 
accurate  audit  trails  can  exist,  which  act  as  a  deterrent  and  generate  a  possible  suspect 
list  if  a  violation  occurs.  And  third,  there  would  be  a  significant  reduction  in  the 
administration  of  the  security  aspects  of  a  computer  system  as  the  stringent 
guidelines  concerning  passwords  would  not  be  required. 
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IV.  CONCLUSIONS 


The  Eye  Dentify  7.5  system  proved  to  be  a  very  reliable,  user  friendly  and  timely 
access  control  device  with  many  CJ  applications.  The  results  of  the  experiment 
demonstrated  that  most  people  will  be  positively  identified  at  least  94.3%  of  the  time 
on  one  attempt  and  99%  on  three  attempts,  regardless  of  database  size  and  at  least  3 
enrollment  scans.  It  was  found  that  the  difference  in  recognition  rate  was  not 
statistically  significant  for  3,  5  or  7  enrollment  scans  or  for  database  size  used.  This 
points  out  a  significant  time  savings  when  enrolling  new  personnel.  This  study  shows 
that  only  3  enrollment  scans  is  sufficient  for  most  people.  There  were  no  false 
recognitions  in  over  1000  trials. 

Through  the  necessity  to  automate  many  aspects  of  CJ,  there  is  also  the  necessity 
to  upgrade  the  protective  mechanisms  for  these  systems.  The  inherent  drawbacks 
associated  with  passwords  and  other  devices  carried  by  an  individual  (i.e.,  security  card) 
make  their  use  as  the  sole  access  control  mechanism  very  risky.  Retinal  recognition 
devices  like  the  one  used  in  this  experiment,  offer  greater  security,  less  administrative 
costs  and  enable  accurate  audit  trails  to  exist. 

Areas  requiring  further  study: 

1)  To  determine  the  TYPE  I  recognition  rates  when  subjects  require  access  while 
under  stress 

2)  To  determine  the  maanitude  of  a  learnina  curve  associated  with  retinal 
recognition  devices,  and"  how  best  to  employ  this  information 

3)  To  test  TYPE  I  and  TYPE  II  error  rates  when  the  hand  held  ICAY1  is  used 

4)  To  operationally  test  a  retinal  recognition  computer  access  control  system. 
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APPENDIX  A 

COMBINING  DATABASES 


It  is  possible  to  upload  two  separate  databases  into  the  7.5  system's  bubble 
memory  to  form  a  database  that  is  a  combination  of  the  two.  For  this  experiment,  this 
process  has  saved  time  and  increased  flexibility  as  the  three  database  sizes  and  the 
three  files  of  enrollment  scans  where  mixed  in  the  various  combinations.  The  software 
package  that  comes  with  the  7.5  system  indirectly  allows  one  database  to  be  inserted 
into  bubble  memory,  where  another  database  is  already  stored. 

The  7.5  system  has  a  very  simple  database  management  system  that  uses  a 
Personal  Identification  Number  (PIN)  as  the  primary  key  that  is  stored  with  the 
individual's  reference  template  data.  The  PINs  are  stored  in  sequential  order.  The 
enroller  is  given  the  option  of  assigning  the  PIN,  or  the  system  will  assign  them 
automatically  by  filling  up  the  lower  PINs  first.  The  PIN  can  not  be  changed  once  it 
has  been  assigned  to  the  reference  template  data.  This  allows  two  or  more  databases 
to  be  combined  with  out  destroying  data,  if  there  are  no  two  identical  PINs  occupied 
with  data  between  the  databases.  If  there  are  identical  PINs  occupied,  then  the  most 
recently  added  reference  template  will  replace  the  previous  template.  All  other  data 
will  remain  unchanged. 

The  key  to  combining  databases  is  to  assign  PINs  during  enrollment  which  are 
not  already  assigned  in  the  other  database.  Unless  one  intends  on  combining 
databases,  it  is  recommended  to  erase  the  bubble  memory  first.  This  will  help  to 
ensure  that  memory  only  contains  the  templates  that  were  last  inserted. 

For  this  experiment,  a  total  of  6  floppy  disks  were  used.  There  were  3,  which 
stored  the  300,  600,  and  1200  template  databases,  and  3,  to  store  the  3,  5,  and  7 
enrollment  reference  templates  for  the  subjects.  The  bubble  memory  was  empty  for 
each  of  the  enrollment  sessions,  so  the  subjects  filled  the  first  22  PIN  locations 
automatically.  The  300,  600,  or  1200  template  database  would  be  uploaded  to  memory 
first,  in  the  manner  described  in  the  USER  MANUAU.  The  22  templates  for  the 
subjects  would  be  uploaded  second,  and  would  over  write  these  first  22  PIN  locations 
in  memory  and  would  not  affect  the  rest  of  the  database. 
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APPENDIX  B 

TRIMMING  DOWN  A  DATABASE 


These  procedures  describe  how  to  trim  down  a  larger  database  to  a  smaller  size, 
as  was  required  for  this  experiment.  The  software  will  only  allow  one  template  to  be 
deleted  at  a  time  or  the  entire  memory',  there  is  no  in  between  where  a  range  of 
templates  might  be  deleted.  To  delete  one  template  only  takes  a  few  seconds,  but  to 
delete  600  takes  considerable  time.  This  set  of  procedures  will  only  trim  the  latter  part 
of  the  database;  which  means,  one  can  delete  all  templates  past  a  certain  point.  This  is 
due  to  the  way  the  software  sequentially  fills  the  bubble  memory  starting  with  the 
lowest  PIN  to  the  highest  PIN  with  a  template.  By  monitoring  the  system's  progress, 
then  halting  execution  when  the  desired  number  of  tempiates  have  been  transferred  to 
memory,  any  size  database  can  be  formed  from  a  larger  one  without  a  great  loss  of 
time. 

Once  the  upload  process  has  been  initiated  as  per  the  USER'S  MANUAL,  note 
the  time  that  the  upload  started.  It  takes  a  little  over  2  seconds  to  transfer  one 
template  from  a  disk  to  memory',  so  if  300  templates  are  to  be  transferred,  plan  on 
about  10  minutes  before  the  next  step  needs  to  be  performed  (2  seconds  *  300 
templates  /  60  seconds  =  10  minutes  ).  One  can  monitor  the  progress  of  the  transfer 
by  using  the  list  function  offered  to  allow  one  to  display  the  PIN's  and  identifiers 
currently  in  memory.  If  a  range  of  PIN’s  are  inputted,  the  list  function  will  display  5  at 
a  time  until  the  end  of  the  range  is  reached  or  until  there  is  no  more  occupied  PIN’s  to 
display.  One  can  enter  a  range  of  PINs  many  times  to  monitor  the  progress.  When 
the  desired  number  of  templates  have  been  transferred,  execution  can  be  halted  by 
pushing  Control  "C"  or  Control  Scroll  Lock  on  the  microcomputer's  keyboard.  This 
will  get  one  close  to  the  desired  number.  The  exact  number  can  be  achieved  through 
deletion  of  one  template  at  a  time. 
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